SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mail reset password link using php..

    hii all,
    i'm developing a script that emails a random link to user's email when an user has forgotten his/her password.,
    the problem is, i want to insert a random key in my database key column against the same user who has clicked forgot password link, after inserting the same i should invoke php mail to send the URL who has lost password..
    now after running the below script on my server, i can see URL in plain text printed same as in the script. can anyone please help me, how to achieve those 2 operations(inserting a random key into DB against an user who clicks forgot password, email valid URL to user)..

    here is my script;
    Code PHP:
    <?php
     session_start();
     
     //Connect to mysql server
    	$link=mysql_connect("localhost","root","");
    	if(!$link) {
    		die('Failed to connect to server: ' . mysql_error());
    	}
    	//Select database
    	$db=mysql_select_db("blackerdread");
    	if(!$db) {
    		die("Unable to select database");
    	}
     
     if(!get_magic_quotes_gpc())
     {
    	$row['customerID'] = stripslashes($_POST[$row['customerID']]);
     }else{
    	$row['customerID'] = $_POST[$row['customerID']];
     
     }
     
     
     
    	 $key = substr(base64_encode(crypt('', '')), 0, 32);
        $query1="INSERT INTO ss_customers (key) VALUES ('$key') WHERE customerID='8'";
    	 $result1=mysql_query($query1);
    	 echo $query1;
    	 exit();
    	 $query = "SELECT Login, Email FROM ss_customers WHERE customerID='8'";
    	  $result=mysql_query($query);
    	  $row = mysql_fetch_array($result);
    		  if(mysql_num_rows($result)>0) 
    			{
    			$Email = $row['Email'];
    			$Login = $row['Login'];
    			$headers4="admin@blackerdread.com"; // Change this address within quotes to your address
                $headers.="Reply-to: $headers4\n";
                $headers .= "From: $headers4\n";
                $headers .= "Errors-to: $headers4\n";
     
     
    // mail funciton will return true if it is successful
    if(mail("$Email","Your Request for login details","This is in response to your request for login detailst at site_name \n \nLogin ID: $Login \n URL . resetpassword.php?page=reset-password&Login= . urlencode($Login) . &key= . urlencode($key) . \r\n . \n\n Thank You \n \n siteadmin","$headers")){echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";}
    else{// there is a system problem in sending mail
    echo " <center><font face='Verdana' size='2' color=red >There is some system problem in sending login details to your address. Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
    	}
    	else {
    		echo "mail not sent";
    	}
    PHP Professional turned ASP.NET Professional

  2. #2
    SitePoint Zealot Steveiwonder's Avatar
    Join Date
    Nov 2008
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What happens when you run this script?

  3. #3
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What happens when you run this script?
    when i run this script, an email has been sent with URL as plain text

    URL . resetpassword.php?Login= . urlencode($Login) . &key= . urlencode($key) .

    in place of $Login, LoginID of the user and in place of $key a key were generated.
    and moreover, i dont see any key inserted into the DB.
    what i require is, when the user enters correct details like secret question, then a random key should be generated then inserted into the DB against a particluar user ROW, and an email has to be sent to the same user containg the key in URL.

    i hope you understand..
    many thanks for the comeback.
    PHP Professional turned ASP.NET Professional

  4. #4
    SitePoint Zealot Steveiwonder's Avatar
    Join Date
    Nov 2008
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Code PHP:
    <?php
     
    $key = substr(base64_encode(crypt('', '')), 0, 32);
    $key = mysql_real_escape_string($key);
    $query1="UPDATE ss_customers SET key = ('{$key}') WHERE customerID='8'";

    Try that
    Last edited by Steveiwonder; Apr 1, 2009 at 07:13.

  5. #5
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hii..
    PHP Code:

    <?php

    $key = substr(base64_encode(crypt('', '')), 0, 32);
    $key = mysql_real_escape_string($key);
    $query1="INSERT INTO ss_customers (key) VALUES ('{$key}') WHERE customerID='8'";


    Try that
    yes, i tried that.. but i cannot see any key inserted into the DB..
    thats fine, i've a doubt now regarding URL parameters..
    now i need to GET those parameters which i'm sending to a particular user via URL.
    $URL. "resetpassword.php?Login=" . urlencode($Login) . "&key=$key\n"

    after clicking the above URL, user will be shown a password update form, after entering passwords correctly, form action for the resetpassword page is updatepassword, where in update password page, i need to check for Login in DB and matches it with URL's Login then if both are validated then the password will be updated else an error message "your userid not matched with the URL"

    how to get parameters from that URL and match them with DB??
    here is my resetpassword.php code
    Code PHP:
    <?php
    session_start();
    $Login = $_GET['Login'];
    //echo $Login;
    //exit();
    $customerID = $_GET['customerID'];
    $Login = $_SESSION[$_GET['Login']];
     
    ?>
    <HTML>
    <HEAD>
     
    <META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; CHARSET=UTF-8">
    <META HTTP-EQUIV="CONTENT-SCRIPT-TYPE" CONTENT="text/javascript">
     
    <TITLE>Password Change Form</TITLE>
    <script>
     
    form_submitted=false
    function ValidationError(form, Invalid, error_message, focus)
    {
    	alert(error_message)
    	if(form[focus].focus)
    		form[focus].focus()
    }
     
    function ValidateForm(theform)
    {
    	var e='There were problems with your input:\n\n', i={}, f='', r, s
     
    	r=theform['newpassword']
    	r.className=''
    	r=theform['confirm']
    	r.className=''
     
    	 if(!i['newpassword']
    	&& (theform['newpassword'].value==''))
    	{
    		r=theform['newpassword']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='newpassword'
    		else
    			e+='\n\n'
    		e+=(i['newpassword']='==> Please enter your new password.')
    	}
    		if(!i['newpassword']
    	&& ((theform['newpassword'].value.search
    	&& theform['newpassword'].value.search(new RegExp('^[a-zA-Z]','g'))==-1)))
    	{
    		r=theform['newpassword']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='newpassword'
    		else
    			e+='\n\n'
    		e+=(i['newpassword']='==> The new password must start with a letter.')
    	}
     
    		if(!i['newpassword']
    	&& (theform['newpassword'].value.length<8))
    	{
    		r=theform['newpassword']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='newpassword'
    		else
    			e+='\n\n'
    		e+=(i['newpassword']='==> The Password must contain atleast 8 characters.')
    	}
    		if(!i['newpassword']
    	&& (theform['newpassword'].value.length>14))
    	{
    		r=theform['newpassword']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='newpassword'
    		else
    			e+='\n\n'
    		e+=(i['newpassword']='==> The Password must not exceed 15 characters.')
    	}
    		 if(!i['confirm']
    	&& (theform['confirm'].value==''))
    	{
    		r=theform['confirm']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='confirm'
    		else
    			e+='\n\n'
    		e+=(i['confirm']='==> Please enter your confirmation password.')
    	}
    		if(!i['confirm']
    	&& (theform['confirm'].value!=theform['newpassword'].value))
    	{
    		r=theform['confirm']
    		r.className='invalid'
    		if(e=='There were problems with your input:\n\n')
    			f='confirm'
    		else
    			e+='\n\n'
    		e+=(i['confirm']='==> Passwords do not match.')
    	}
     
    if(e!='There were problems with your input:\n\n')
    	{
    		ValidationError(theform, i, e, f)
    		form_submitted=false
    		return false
    	}
    	return true
    }
    	</script>
    </HEAD>
    <body BGCOLOR="#FFFFFF" TEXT="#252525" VLINK="#990000" ALINK="#990000" LINK="#990000" onload="document.forms['changepassword']['password'].focus()" >
     
    <BR>
    <TABLE WIDTH="770" BORDER="0" CELLSPACING="2" CELLPADDING="4" ALIGN="CENTER" >
     
    <TR>
    <TD>
    <P CLASS="headerbanner">
    Password Change Form
    </P>
     
    <FORM NAME="changepassword" METHOD="POST" 
    ACTION="updatepassword.php" onsubmit="return ValidateForm(this)">
     
    <TABLE CELLPADDING="2" ALIGN="CENTER" 
    SUMMARY="Secondary table holds input fields and buttons" >
     
     
    <TR>
    <TD CLASS="text">
    <SPAN STYLE="font-weight: bold;" >
    New Password:
    </SPAN>
    <BR>
    <INPUT TYPE="PASSWORD" CLASS="password" NAME="newpassword" MAXLENGTH="15" SIZE="30">
     
    </TD>
    </TR>
    <TR>
    <TD CLASS="text">
    <SPAN STYLE="font-weight: bold;">
    Confirm New Password:
    </SPAN>
    <BR>
    <INPUT TYPE="PASSWORD" NAME="confirm"  MAXLENGTH="15" SIZE="30">
    </TD>
    </TR>
    </TABLE>
    <BR>
    <CENTER>
    <button type="submit" align="center" OnMouseover="window.status='Change Password';return true;" OnMouseout="window.status=' ';"/><img src="http://localhost/MyDreamProject/images/pwd.gif" alt=""/>
    Save Password-></button>&nbsp;
     
    <button type="reset" align="center" OnMouseover="window.status='Refresh Page';return true;" OnMouseout="window.status=' ';"/><img src="http://localhost/MyDreamProject/images/refresh.png" alt=""/> 
    Reset</button>
    </CENTER>
     
     
    </TD>
    </TR>
    </FORM>
    </TABLE>
    <div id='DetachDiv' height=0 width=0 frameborder=0></div>
    </BODY>
    </HTML>

    here's my update password.php (form action script for resetpassword.php page)
    Code PHP:
    <?php
       session_start();
     
    $Login = $_GET['Login'];
    //echo $Login;
    //exit();
     
    //Connect to mysql server
     
    $link=mysql_connect("localhost","root","");
     
    if(!$link) {
     
    die('Failed to connect to server: ' . mysql_error());
     
    }
     
    //Select database
     
    $db=mysql_select_db("blackerdread");
     
    if(!$db) {
     
    die("Unable to select database");
     
    }
     if(!get_magic_quotes_gpc())
     {
    $Login = stripslashes($_POST['Login']);
    $row['customerID'] = stripslashes($_POST[$row['customerID']]);
    $newpassword = stripslashes($_POST['newpassword']);
    $confirm = stripslashes($_POST['confirm']);
     }else{
    $Login = $_POST['Login'];
    $row['customerID'] = $_POST[$row['customerID']];
    $newpassword = $_POST['newpassword'];
    $confirm = $_POST['confirm'];
     }
    $encrypt1 = base64_encode($newpassword);
    //echo $encrypt1;
    //$decode = base64_decode($encrypt1);
    //echo $decode;
    //exit();
     
    $key = $_POST['key'];
     
    $query1 = "select Login FROM ss_customers WHERE key='".$_SESSION['key']."' and Login='".$Login."'";
    $result = mysql_query($query); 
     
    if($newpassword == $confirm)
    {
    $query = "UPDATE ss_customers Set cust_password='$encrypt1' where Login='".$Login."'";
    $result = mysql_query($query); 
    //echo $query;
    //exit();
    //update the password in the session so you don't have to logoff
    //$_SESSION["password"] = $encrypt1;
    //echo an confirm.
    echo "password updated";
    exit;
    }
    else{
    echo "you are not authorized to change passowrd!";
    exit;
    }
    ?>
    my task will be completed if i can match URL's login with the DB login and URL's key with DB's key..
    can you please suggest me..
    many thanks for the comeback.
    PHP Professional turned ASP.NET Professional

  6. #6
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    my task will be completed if i can match URL's login with the DB login and URL's key with DB's key..
    can you please suggest me..
    many thanks for the comeback.
    Hii..
    i matched those URL parameters with DB by getting them from URL. it is working now..
    but MYSQL insert query is not working...
    but the only problem is with my INSERT query, in which i'm trying to insert a randomly generated KEY into the DB against a particular USER and send it via an URL..
    when user clicked that link, i need to perform 2 validations there by getting URL parameters, LOGINID and KEY with the DB records..
    can you please suggest me how can do this?

    please let me know can we add a single column for an existing table and insert a value into it?
    presently my INSERT query is like this..
    Code PHP:
    $key = substr(base64_encode(crypt('', '')), 0, 32);
    	 $key = mysql_real_escape_string($key);
         $query1="INSERT INTO ss_customers (key) VALUES ('{$key}') WHERE customerID='".$_SESSION['customerID'] ."'";
    	 $result1=mysql_query($query1);
    echo $query1;
    exit();
    i tried many times, but the key is not being inserted into the DB against a particluar ROW.
    what i need to do is, after inserting a key into the DB, send an URL to user's email, then match DB's LOGIN ID and KEY with URL GET paramaeters, if both are same then update password else Invalid LINK..
    please do suggest me..
    many thanks..
    please suggest me how to proceed now..
    PHP Professional turned ASP.NET Professional

  7. #7
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    php MYSQL INSERT query error!

    hi all..

    i'm generating a KEY and trying to insert it into the database, but it is not being inserted. my table has already 12 columns, i added another column "KEY" of type VARCHAR and of size 100.

    the query is :
    Code PHP:
    $key = substr(base64_encode(crypt('', '')), 0, 32);
    	 $key = mysql_real_escape_string($key);
         $query1="INSERT INTO ss_customers (key) VALUES '".$key."' WHERE customerID='".$_SESSION['customerID'] ."'";
    	 $result1=mysql_query($query1);
    	 echo $query1;
    	 exit();
    when i print the query, i can see the KEY value. but i cannot see any row filled up in my database..
    can anyone please help me.. can we use WHERE clause in INSERT query?
    PS: The KEY is dynamically generated, it is not coming from any other form..
    PHP Professional turned ASP.NET Professional

  8. #8
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,251
    Mentioned
    59 Post(s)
    Tagged
    3 Thread(s)
    here is the general procedure for debugging a mysql error in your php code --

    echo out the sql statement with all php variables substituted with real values, then run the query outside of php, i.e. right in mysql

    this will give you the exact mysql error message



    in your case, it's because the INSERT statement does not allow a WHERE clause

    INSERT inserts a complete new row, so a WHERE clause makes no sense whatsoever

    i suspect that what you might want to try is UPDATE instead of INSERT
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  9. #9
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hello sir,
    echo out the sql statement with all php variables substituted with real values, then run the query outside of php, i.e. right in mysql
    in your case, it's because the INSERT statement does not allow a WHERE clause

    INSERT inserts a complete new row, so a WHERE clause makes no sense whatsoever

    i suspect that what you might want to try is UPDATE instead of INSERT
    Yes, absolutely..
    i've to use UPDATE query instead of INSERT query. i replaced INSERT with UPDATE.. KEY column in my table is not null, i doubt whether the values get updated or not?
    shall i make it NULL, so that "0" can be overwritten with $key value..?

    i tried the same in MYSQL.
    i'm got the following error..

    Error

    SQL query:

    "UPDATE ss_customers Set key='JDEkMnUxLmhOLi4kZllsSUJicUZCclZP' WHERE customerID='8'"

    MySQL said: Documentation
    #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"UPDATE ss_customers Set key='JDEkMnUxLmhOLi4kZllsSUJicUZCclZP' WHERE customerID' at line 1
    PHP Professional turned ASP.NET Professional

  10. #10
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,147
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    key is a reserved word so you must use back ticks, that could be your problem.

    Code SQL:
    UPDATE ss_customers SET `key` ='JDEkMnUxLmhOLi4kZllsSUJicUZCclZP' WHERE customerID='8'

  11. #11
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,251
    Mentioned
    59 Post(s)
    Tagged
    3 Thread(s)
    the sql query should not be enclosed in quotes -- that actually turns the query into a big long string
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  12. #12
    SitePoint Zealot pavanpuligandla's Avatar
    Join Date
    Sep 2008
    Location
    hyderabad
    Posts
    179
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    key is a reserved word so you must use back ticks, that could be your problem.

    SQL Code:

    UPDATE ss_customers SET `key` ='JDEkMnUxLmhOLi4kZllsSUJicUZCcl
    Absolutely, That worked! Great.. i didnt thought about this, ive been exploring the query..
    Thanks alot oddz..
    thanks for all who helped me in fixing my bug..
    PHP Professional turned ASP.NET Professional


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •